Scan Report
5/100
vmware-aria
VMware Aria Operations monitoring skill with 27 MCP tools for resources, alerts, capacity planning, anomaly detection, and report automation
This is a well-documented VMware Aria Operations monitoring skill with no executable code present. All declared capabilities are appropriate for the tool's purpose, with strong security practices including audit logging, credential isolation, HTTPS-only communication, and read-heavy operation design.
Safe to install
No action required. This skill is safe for use.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md:allowed-tools:[Bash] → Bash→shell:WRITE |
| Network access | READ | READ | ✓ Consistent | Aria Operations API over HTTPS only, documented in Architecture section |
| File system | NONE | NONE | — | No file operations declared or present in documentation |
2 findings
Medium · External URL: https://aria-ops.example.com/suite-api/api/auth/token/acquire (references/setup-guide.md:219)
Info · Email address: [email protected] (references/setup-guide.md:136)
Directory structure
5 files · 33.4 KB · 1009 lines
Markdown: 4 files · 971 lines
JSON: 1 file · 38 lines
├─ evals
│  └─ evals.json (JSON)
├─ references
│  ├─ capabilities.md (Markdown)
│  ├─ cli-reference.md (Markdown)
│  └─ setup-guide.md (Markdown)
└─ SKILL.md (Markdown)
Security highlights
✓ Documentation is comprehensive and transparent about all 27 tools
✓ Read-heavy design: 21 read-only tools vs 6 write tools
✓ All write operations (acknowledge, cancel, create alert def, etc.) are audit-logged
✓ Credentials stored in environment variables only, never in config files
✓ .env file permissions enforced with chmod 600 requirement
✓ Token-based authentication with 30-minute expiry and automatic refresh
✓ Prompt injection defense via _sanitize() function
✓ HTTPS-only communication with Aria Operations API
✓ Input validation for resource_id, alert_id, and criticality enum values
✓ MCP server uses stdio transport (local-only, no network listener)
✓ Companion vmware-policy skill provides additional audit/policy enforcement